Security professionals worry about technology sprawl as threats evolve

A new study of nearly 14,000 information security professionals worldwide shows that two-thirds of respondents are concerned about the addition of multiple security technologies, often referred to as sprawl.

The Global Information Security Workforce Study (GISWS) produced by (ISC)² a not-for-profit membership body of certified information and software security professionals worldwide, is largest study of the information security profession ever conducted.

"Many of the facets discovered in this year’s workforce study demonstrate that aspects of the information security program are being carried out in IT departments and other business units -- positioning IT as a force multiplier," says David Shearer, executive director of (ISC)². "Cloud adoption rates and projected increases in spending on security tools and technologies are further increasing the need for IT and security departments to function collaboratively. Year after year, the study has shown a workforce shortage; but now, we're finding that the shortage is being compounded with issues that are becoming more prevalent, such as configuration mistakes and oversights that can be detrimental to the security posture of global businesses".

Among the findings of the study are that phishing is the top threat technique employed by hackers, cited by 54 percent of respondents, and that the estimated time to fix an attack following a system or data compromise is getting longer. An average attack takes between two and seven days to fix according to 44 percent.

It also shows that respondents think additional training and education are needed most in the areas of cloud computing (57 percent), BYOD and incidence response (both 47 percent). Respondents felt that when it comes to retaining information security professionals, support for training and professional security certifications is essential. Lack of in-house skills is cited by 49 percent as the reason for turning to outsourcing.

There's much more detail in the full report which can be downloaded from the (ISC)² website and there will be a session discussing the findings at the RSA Conference on Monday April 20.

Image credit: fotogestoeber / Shutterstock